Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Primary rating from Vendor (cisco) · only source for this CVE.
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router.
This vulnerability is due to improper error handling. An attacker could exploit this vulnerability by submitting crafted input to the web-based management interface. A successful exploit could allow the attacker to request unauthorized files from a remote router, causing the router to reload and resulting in a DoS condition.
AnalysisAI
Cisco IoT Field Network Director enables authenticated remote attackers with low-level privileges to crash remotely managed routers by submitting crafted requests through the web-based management interface. The vulnerability causes improper error handling that allows requesting unauthorized files from managed routers, forcing them to reload and creating a denial-of-service condition (CVSS 7.7, Changed Scope). No public exploit or active exploitation reported at time of analysis.
Technical ContextAI
Cisco IoT Field Network Director is an IoT operations platform for managing and monitoring field area network infrastructure, particularly in industrial environments. The vulnerability stems from CWE-284 (Improper Access Control) in the web management interface's file request handling mechanism. The Changed Scope (S:C) in the CVSS vector indicates the vulnerability exists in one component (IoT-FND) but impacts a separate resource (the managed routers), which is atypical for web-based DoS vulnerabilities and elevates the severity. The improper error handling fails to validate or restrict file access requests forwarded to managed devices, allowing low-privileged authenticated users to trigger unauthorized operations on downstream infrastructure components.
RemediationAI
Consult Cisco Security Advisory cisco-sa-iot-fnd-dos-n8N26Q4u at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u for vendor-released patches and exact fixed versions. Apply the latest IoT-FND software update as specified in the advisory. As interim mitigation, restrict web management interface access to trusted administrator IP addresses using firewall rules or access control lists, implement strict account privilege separation ensuring users have minimum necessary permissions (avoid granting low-privilege accounts any file access capabilities), and enable logging and alerting for unusual file request patterns or repeated router reload events. Note that restricting interface access may impact legitimate remote administration workflows. Deploy intrusion detection to monitor for crafted HTTP requests targeting file retrieval endpoints if patch deployment is delayed.
Authenticated remote attackers with low privileges can read arbitrary files via insufficient access controls in the web-
Cisco IoT Field Network Director's web-based management interface allows authenticated remote attackers with low privile
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27850
GHSA-48h9-c48p-4x99